The WannaCry ransomware, which takes over your computer, encrypts your files and threatens to delete them unless you pay about $300 in Bitcoin, became instant news on Friday when security researchers estimated that 57,000 computers in more than 150 countries were infected by the end of the day.
WannaCry is far and away the most severe malware attack so far in 2017, and it is far from over. Its spread was slowed on Saturday, but it was hardly stopped. As of Monday morning, more than 200,000 systems around the world are believed to have been infected.
Where Did This Come From?
The WannaCry ransomware affects machines running the Windows operating system. It relies on a security flaw that was originally exploited by the U.S. National Security Agency (NSA); that exploit was leaked earlier this year as the latest in a series of leaks by a group known as the Shadow Brokers, and hackers are now using it themselves. The NSA had discovered the EternalBlue exploit and had been keeping it under wraps for its own intelligence-gathering purposes.
Since the attack, Microsoft president Brad Smith has published a blog post calling the WannaCry attack a “wake-up call” for governments around the world and the tech sector to stop exploiting digital vulnerabilities and work together.
What Does It Do?
WannaCry is a very dangerous type of malware Trojan called ransomware (see our other ransomware blog posts). This type of attack works by encrypting most or even all of the files on a user’s computer. In the case of WannaCry specifically, the software demands that the victim pay a ransom of $300 in bitcoins at the time of infection. If the user doesn’t pay the ransom within three days, the amount doubles to $600. After seven days without payment, WannaCry will delete all of the encrypted files and all data will be lost.
This ransomware attack targeted Microsoft Corp.’s Windows computers, mostly at businesses and government organizations, and affected everything from hospitals in the U.K. to FedEx in the U.S. to fuel-card issuers in China.
The victims were Windows machines that hadn’t installed the security patch that Microsoft released in March, or the emergency patch that was released for older systems over the weekend. If you are on these systems and have not already updated or patched, you need to immediately install the security update Microsoft released on Friday night.
What Should You Do if You Have Already Been Attacked?
Sadly, there is no fix for WannaCry available at this time. Antivirus companies and cybersecurity experts are hard at work looking for ways to decrypt files on infected computers, but no means of third-party decryption is available right now. While the encrypted files cannot currently be recovered by decryption, there are still some things that we recommend you do IMMEDIATELY if you find yourself a victim of this attack:
- Do not pay the ransom demanded by the WannaCry ransomware, cybersecurity firm Check Point warned in a blog post Sunday. The company said there is no evidence of the hackers giving people files back.
- For individuals, it might be worth contacting local IT support services.
- Businesses should contact law enforcement and provide as much information as possible.
- Restore backups of data.
If you would like any help or are worried your company may be at risk, contact Orion today.